CloudSec Wine
All about cloud security

Contacts:
@AMark0f
@dvyakimov

About DevSecOps:
@sec_devops
🔶 An AWS IAM Wishlist

A wishlist of AWS IAM feature requests: IAM Authorization Debugging, Mapping of API Calls/IAM Permissions/CloudTrail Events, SCP Audit Mode, SCP for Resources, and API Request Parameters as Condition Keys.

https://www.zeuscloud.io/post/an-aws-iam-wishlist

#aws
🔶🔷 Manage multiple Terraform projects in monorepo

A look at one possible way to organize and manage a monorepo that contains multiple projects and Terraform modules, with deployments spanning multiple targets such as AWS accounts or Azure subscriptions.

https://janik6n.net/posts/manage-multiple-terraform-projects-in-monorepo

#aws #azure
🔴 Google I/O 2023: Making AI more helpful for everyone

A summary of what Google announced at Google I/O 2023.

https://blog.google/technology/ai/google-io-2023-keynote-sundar-pichai

#gcp
πŸ‘1πŸ”₯1😱1
🔶 Attacking and securing cloud identities in managed Kubernetes part 1: Amazon EKS

This post provides a deep dive into how Amazon EKS IAM works, and several attack vectors to pivot from an EKS cluster to an AWS environment.

https://securitylabs.datadoghq.com/articles/amazon-eks-attacking-securing-cloud-identities

#aws
🔷 Understanding Azure logging capabilities in depth

Azure includes many technologies that can be used for logging purposes. Microsoft is currently transitioning from the v1 method (MMA) to the v2 method based on DCRs.

https://mortenknudsen.net/?p=1433

#azure
🔶 Connecting Block Business Units with AWS API Gateway

How Block enables backend services to securely connect across business unit boundaries using AWS API Gateway.

https://developer.squareup.com/blog/connecting-block-business-units-with-aws-api-gateway/

(Use VPN to open from Russia)

#aws
πŸ‘3πŸ”₯1🀯1
🔴 Policy Controller dashboard: Now available for all Anthos and GKE environments

Policy Controller enforces programmable policies for Anthos clusters, which you can manage through the enhanced Policy Controller dashboard.

https://cloud.google.com/blog/products/containers-kubernetes/new-features-and-integrations-for-policy-controller-dashboard

#gcp
🔶 Simplify the Investigation of AWS Security Findings with Amazon Detective

Detective now offers investigation support for findings in AWS Security Hub in addition to those detected by GuardDuty.

https://aws.amazon.com/ru/blogs/aws/new-simplify-the-investigation-of-aws-security-findings-with-amazon-detective

#aws
πŸ‘4πŸ”₯2πŸ‘1
🔷 Bridging the Security Gap: Mitigating Lateral Movement Risks from On-Premises to Cloud Environments

This blog post discusses lateral movement risks from on-prem to the cloud, explaining attacker TTPs, and outlining best practices for cloud builders and defenders to help secure their cloud environments and mitigate risk.

https://www.wiz.io/blog/lateral-movement-risks-in-the-cloud-and-how-to-prevent-them-part-4-from-compromis

#azure
🔶 Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor

This article describes the attack lifecycle and detection opportunities for a cloud-focused, financially motivated threat actor.

https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor

#aws
πŸ‘3πŸ”₯2πŸ€”1
🔷 Tampering with Conditional Access Policies Using Azure AD Graph API

Modifications made through the Azure AD Graph API (AADGraph) are not properly logged, endangering the integrity and non-repudiation of Azure AD Conditional Access policies.

https://www.secureworks.com/research/tampering-with-conditional-access-policies-using-azure-ad-graph-api

#azure
πŸ‘1πŸ”₯1πŸ‘1
🔶 Is Cloud Forensics just Log Analysis? Kind Of.

The article discusses the differences between traditional forensics and cloud forensics, highlighting the importance of understanding cloud-specific artifacts and logs.

https://www.cadosecurity.com/is-cloud-forensics-just-log-analysis-kind-of

#aws
πŸ‘4πŸ”₯2πŸ€”1
🔶 AWS Lambda Function: IAM User Password Expiry Notice

A walkthrough of the steps needed to set up an AWS Lambda function that emails IAM users when their AWS Web Console passwords are about to expire.

https://blog.jennasrunbooks.com/aws-lambda-function-iam-user-password-expiry-notice-ses-boto3-terraform

#aws
πŸ‘3πŸ”₯2πŸ€”1
🔴 Google Trust Services ACME API available to all users at no cost

The Google Trust Services ACME endpoint is now generally available, allowing anyone to obtain TLS certificates for their websites free of charge.

https://security.googleblog.com/2023/05/google-trust-services-acme-api_0503894189.html

#gcp
πŸ‘5πŸ”₯1πŸ‘1
🔶 Misconfiguration Spotlight: Securing the EC2 Instance Metadata Service

A look at how the EC2 Instance Metadata Service can be abused, and how to secure it.

https://securitylabs.datadoghq.com/articles/misconfiguration-spotlight-imds

#aws
πŸ‘4πŸ”₯1πŸ‘1
🔶 How to get rid of AWS access keys - Part 1: The easy wins

Learn how to identify unused and unnecessary long-lived IAM User access keys.

https://www.wiz.io/blog/how-to-get-rid-of-aws-access-keys-part-1-the-easy-wins

#aws
πŸ‘3πŸ”₯1πŸ‘1
🔶 How to choose the right API Gateway auth method

API Gateway supports quite a few authentication and authorization methods, and you can always authenticate users inside your endpoint as well. So the big question is: how do you choose the right one for your API?

https://theburningmonk.com/2020/06/how-to-choose-the-right-api-gateway-auth-method

#aws
πŸ‘4πŸ”₯2πŸ‘1
🔶 Detect Anomalies In Our AWS Infrastructure

A low-maintenance, cloud-based anomaly detection system built with Bytewax, Redpanda, and AWS.

https://bytewax.io/blog/aws-anomaly-detection

#aws
πŸ‘4πŸ”₯1πŸ‘1
🔷 OneDrive to Enum Them All

TrustedSec researchers have discovered a OneDrive enumeration vulnerability that could allow an attacker to discover the email addresses of OneDrive users. A companion tool is also available.

https://www.trustedsec.com/blog/onedrive-to-enum-them-all

#azure
πŸ‘3❀2πŸ”₯2πŸ‘1
🔶 7 lesser-known AWS SSM Document techniques for code execution

A deep dive into AWS SSM Run Command shows that there are multiple documents attackers can use for executing code remotely on EC2 instances.

https://securitycafe.ro/2023/04/19/7-lesser-known-aws-ssm-document-techniques-for-code-execution

#aws